|
3 | 3 | "BlueprintAllowed": false, |
4 | 4 | "Capability": "AKV", |
5 | 5 | "ClientMachineDescription": "The GUID of the tenant ID of the Azure Keyvault instance; for example, '12345678-1234-1234-1234-123456789abc'.", |
6 | | - "CustomAliasAllowed": "Optional", |
| 6 | + "CustomAliasAllowed": "Required", |
7 | 7 | "EntryParameters": [ |
8 | 8 | { |
9 | 9 | "Name": "CertificateTags", |
|
56 | 56 | "PowerShell": false, |
57 | 57 | "PrivateKeyAllowed": "Optional", |
58 | 58 | "Properties": [ |
59 | | - { |
60 | | - "Name": "TenantId", |
61 | | - "DisplayName": "Tenant Id", |
62 | | - "Description": "The ID of the primary Azure Tenant where the KeyVaults are hosted", |
63 | | - "Type": "String", |
64 | | - "DependsOn": "", |
65 | | - "Required": false |
66 | | - }, |
67 | 59 | { |
68 | 60 | "Name": "SkuType", |
69 | 61 | "DisplayName": "SKU Type", |
|
585 | 577 | { |
586 | 578 | "Name": "CertificateTags", |
587 | 579 | "DisplayName": "Certificate Tags", |
588 | | - "Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'", |
| 580 | + "Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.", |
589 | 581 | "Type": "string", |
590 | 582 | "RequiredWhen": { |
591 | 583 | "HasPrivateKey": false, |
|
637 | 629 | "Remove": true |
638 | 630 | }, |
639 | 631 | "Properties": [ |
| 632 | + { |
| 633 | + "Name": "SeparatePrivateKey", |
| 634 | + "DisplayName": "Store as JSON with separate private key", |
| 635 | + "Type": "Bool", |
| 636 | + "DependsOn": "", |
| 637 | + "DefaultValue": "false", |
| 638 | + "Required": false, |
| 639 | + "IsPAMEligible": false, |
| 640 | + "Description": "When enabled, the certificate is stored as a JSON document with separate 'certificate' (PEM certificate and chain, leaf first) and 'private_key' (PEM) properties, rather than a single concatenated PEM string." |
| 641 | + }, |
640 | 642 | { |
641 | 643 | "Name": "UseDefaultSdkAuth", |
642 | 644 | "DisplayName": "Use Default SDK Auth", |
|
762 | 764 | { |
763 | 765 | "Name": "CertificateTags", |
764 | 766 | "DisplayName": "Certificate Tags", |
765 | | - "Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'", |
| 767 | + "Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.", |
766 | 768 | "Type": "string", |
767 | 769 | "RequiredWhen": { |
768 | 770 | "HasPrivateKey": false, |
|
939 | 941 | { |
940 | 942 | "Name": "CertificateTags", |
941 | 943 | "DisplayName": "Certificate Tags", |
942 | | - "Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'", |
| 944 | + "Description": "If desired, tags can be applied to the certificate entries in AWS Secrets Manager. Provide them as a JSON string of key-value pairs ie: '{'tag-name': 'tag-content', 'other-tag-name': 'other-tag-content'}'. Tag values may contain the placeholder tokens %SERIAL_NUMBER%, %NOT_BEFORE%, and %NOT_AFTER%, which are replaced with the certificate's serial number (hexadecimal) and validity dates (ISO-8601 UTC) before the tag is written.", |
943 | 945 | "Type": "string", |
944 | 946 | "RequiredWhen": { |
945 | 947 | "HasPrivateKey": false, |
|
3517 | 3519 | "OnReenrollment": false |
3518 | 3520 | }, |
3519 | 3521 | "Description": "GCP Certificate Manager `scope` for this certificate entry. Allowed: `DEFAULT` (global external Application Load Balancers), `ALL_REGIONS` (cross-region internal Application Load Balancers), `EDGE_CACHE` (Media CDN), `CLIENT_AUTH` (mTLS trust configs / authorized client server certs). **Immutable in GCP** - once a certificate is created with a given scope, GCP refuses to change it. Inventory persists the existing scope back from GCP so renewals carry it forward automatically. A single store can hold certs at different scopes (the field is per-entry, not store-wide)." |
| 3522 | + }, |
| 3523 | + { |
| 3524 | + "Name": "labels", |
| 3525 | + "DisplayName": "Labels", |
| 3526 | + "Type": "String", |
| 3527 | + "DependsOn": "", |
| 3528 | + "DefaultValue": "", |
| 3529 | + "RequiredWhen": { |
| 3530 | + "HasPrivateKey": false, |
| 3531 | + "OnAdd": false, |
| 3532 | + "OnRemove": false, |
| 3533 | + "OnReenrollment": false |
| 3534 | + }, |
| 3535 | + "Description": "An optional list of one-to-many comma delimited label key:value pairs to assign to the certificate. Values should be entered as key1:value1,key2:value2,...,keyN:valueN. Inventory persists the certificate's existing GCP labels back into this field so renewals carry them forward automatically." |
3520 | 3536 | } |
3521 | 3537 | ] |
3522 | 3538 | }, |
|
0 commit comments